Vulnerabilities—CVE-2021-44790 and CVE-2021-44224

80 views
Skip to first unread message

Abhijeet Suryakar

unread,
Dec 28, 2021, 7:02:22 AM12/28/21
to TortoiseSVN

Hi,

Could you please confirm Vulnerabilities—CVE-2021-44790 and CVE-2021-44224  are applicable for Tortoise SVN.?

Reference:

Stefan

unread,
Dec 28, 2021, 7:16:07 AM12/28/21
to TortoiseSVN
sorry, can't confirm.

Abhijeet Suryakar

unread,
Dec 28, 2021, 10:04:06 AM12/28/21
to TortoiseSVN
Hi Stefan,

Who can help/suggest on it?

On Tuesday, 28 December 2021 at 17:46:07 UTC+5:30 Stefan wrote:
sorry, can't confirm.

Stefan

unread,
Dec 28, 2021, 10:16:09 AM12/28/21
to TortoiseSVN
maybe look at this list? This has been asked before.
And not just on this list - I'm getting at least 4 emails to my private account every day, which is getting really, really annoying. Why can't people just look at this list? Or do a search on this list?



Daniel Sahlberg

unread,
Dec 28, 2021, 4:07:50 PM12/28/21
to TortoiseSVN
tisdag 28 december 2021 kl. 16:16:09 UTC+1 skrev Stefan:
maybe look at this list? This has been asked before.

Actually, these are not the log4j vulnerabilities but new ones affecting Apache HTTP Server. Anyway, TortoiseSVN doesn't contain Apache HTTP so it shouldn't affect TortoiseSVN.

It may affect the SVN server, but that question should be asked to the server vendor/distribution.

And not just on this list - I'm getting at least 4 emails to my private account every day, which is getting really, really annoying. Why can't people just look at this list? Or do a search on this list?

I'm not sure it would help but what about putting up a news entry on the website? We tried on subversion.apache.org and we havn't received any questions since. At least any requests could be answered with just the link to the news item.

Kind regards,
Daniel

Abhijeet Suryakar

unread,
Dec 29, 2021, 12:46:37 AM12/29/21
to TortoiseSVN
Hi Stefan,
Thanks for the update. I have looked up at the updates and i didn't get clarity on it. Hence asked.
Please don't get annoyed. Have a happy holidays!

Stefan

unread,
Dec 29, 2021, 1:43:48 AM12/29/21
to TortoiseSVN
Since as you mentioned this is for yet another CVE, I don't think this will work well: I can't deny all CVE's that exist on the website. I mean since when do we have to deny vulnerabilities and not acknowledge them if they affect us? Once we start listing CVE's that don't affect us on the website it will never end...

Reply all
Reply to author
Forward
0 new messages